New year, new rules: Apple has just released two major changes for developers creating apps for macOS – including those distributed outside the Mac App Store – and iOS. Let’s take a look at them, therefore.
The Apple had already announced in the last WWDC that, from the macOS Catalina, apps distributed outside the Mac App Store would need to go through a process called notarization – which is, in basic terms, a “review” by Apple itself to make sure that the software complies with the system’s security terms and standards.
Originally, the obligation would start to apply with the arrival of Catalina itself; Apple, however, decided to postpone the change to make the transition smoother and not hurt users of older software. Now, we have a date set for the key change: February 3, 2020.
The requirement for notarization is not something new: Apple has been encouraging the process since macOS Mojave. You have certainly come across it, when trying to install an app on your Mac and receive a notice stating that “this app has been downloaded from the internet” and asking if you really want to install it; the difference is that, as of February next year, these warnings will turn into errors and the apps in question will no longer be able to be installed.[[Update: we made an errata, below.]
Apple recommends that developers submit their applications to the notarization service as soon as possible and review the notices in the development log; it is these points that must be corrected by 3/2 so that apps are properly rated and continue to run normally on macOS. This page contains more information about the notarization process.
It is worth noting that applications distributed through installation packages, which contain executable code, need to be notarized. Applications distributed on disk images (such as .dmg) do not necessarily need signatures, but they are still encouraged so that users can verify the reliability of files without difficulty.
In addition, Apple has given the API an ultimatum UIWebView, used by developers to display interactive internet content (such as an internal browser) in their apps. Apple has discouraged its use since iOS 8, but now it will actually ban it: from April 2020, the App Store will no longer accept new apps that use the API; in December, updates that implement it will no longer be accepted.
Apple instructs developers to switch UIWebView to the new standard WKWebView, which brings much greater doses of reliability and security – the new standard is supported on newer versions of iOS, macOS and Mac Catalyst, and ensures that insecure web content will not compromise the rest of the app by limiting the browser’s action.
Everyone taking notes?
Errata Dec 30, 2019 at 14:15
As pointed out by some readers in the comments, “non-notarized” apps will continue to be able to be installed, but the user will need to manually change an option in macOS, in the “Security and Privacy” area of System Preferences, for this to happen.